1

I have a launch configuration and auto-scaling group set up. The launch config uses an AMI that I've already created, based on Ubuntu 14.04, that installs Nginx, Git, and has my static files stored as a Git repo in Nginx's /usr/share/nginx/html/ directory.

The problem: the static files in my nginx/html directory are only as new as the files that were loaded in the AMI when I created it.

To remedy this, I have tried to add a "User Data" field into the launch config. The field is defined as:

```
#! /bin/bash
cd /usr/share/nginx/html/
git pull origin master
<my git repo's password>
```

But when I check to see if the instance has the latest version of the repo, I see that it doesn't. Something is wrong with my script, and I'm not sure what.

I have tested entering these commands one-by-one exactly as is into the EC2 instance via SSH, and it works exactly as expected.

Why doesn't this work in the user data field?

Note: I have verified that the 'bash' file is indeed present in /bin/bash.

jdogg
  • Do you really have just a plain password on line 4 of your script? I doubt it can work. Each line of a bash script has to contain a command. A password is definitely not a command. – David Ferenczy Rogožan Sep 24 '15 at 00:56
  • How else could I do it? When I attempt to pull from the repo I am always prompted for a password. – jdogg Sep 24 '15 at 01:09

3 Answers

1

You need to pass the username and password of your repository with the repo URL.

Sample example:

```
#! /bin/bash
cd /usr/share/nginx/html/
git clone https://username:password@yourRepoURL.git
```

Animesh Kumar Paul
0

The problem is definitely in the bash script. Everything it contains is executed by bash, so it actually tries to execute your password as a command.

There are multiple ways to provide a password to Git in a script. See for example this question: How to provide username and password when run "git clone git@remote.git"?

It basically depends on how secure you need it to be. Maybe it's enough to have a plain text password in Git's config (it doesn't have to be so bad if you set a restricted mode for that file; it would be similar to using a private key without a passphrase).

Community
David Ferenczy Rogožan
0

It's been a while since I asked this. I've learned a lot since then.

You can pass your username and password as part of the URL, but that is bad form, because if you share the code with anyone or give anyone access to your script, then they will know your account credentials.

The best way to do this would be to set up your server to connect to your Git repo over SSH - I believe this is industry best practice as it is more secure and password-less.

jdogg
  • Can you tell people why it is "bad form"? – Drew Dec 23 '15 at 05:54
  • [Stack article](http://stackoverflow.com/questions/323200) versus `non-ssl` and man-in-the-middle attacks and retention of browser cache – Drew Dec 23 '15 at 06:01
  • [Troy Hunt article](http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html) search on the phrase "Doesn’t look too bad? Let’s take a look at the URL" – Drew Dec 23 '15 at 06:06
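
An added example, not part of any answer above: a user data script that takes the SSH route recommended in the last answer and applies the restricted-file-mode point from the second one. The key, known_hosts, wrapper and log paths are assumptions, as is a read-only deploy key baked into the AMI with the Git host's key already pinned.

```bash
#!/bin/bash
# Added example (not from the thread): user data that pulls over SSH.
# Assumed paths: deploy key, pinned known_hosts, wrapper and log file.
REPO_DIR=/usr/share/nginx/html
DEPLOY_KEY=/root/.ssh/deploy_key          # read-only deploy key baked into the AMI
KNOWN_HOSTS=/root/.ssh/known_hosts_git    # Git host key pinned at AMI build time
SSH_WRAPPER=/root/git-ssh.sh

# True only if the key exists with no group/other permission bits set.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if a remote URL carries user:password@, the pattern to avoid.
url_has_credentials() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9+.-]*://[^/@:]+:[^/@]+@'
}

# Write the ssh wrapper Git invokes through GIT_SSH. BatchMode makes ssh fail
# instead of prompting, since user data runs without a terminal.
write_ssh_wrapper() {
    cat > "$1" <<EOF
#!/bin/sh
exec ssh -i "$2" -o IdentitiesOnly=yes -o BatchMode=yes \\
  -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$3" "\$@"
EOF
    chmod 700 "$1"
}

# Pull non-interactively; refuse a loose key or a credentialed origin URL.
refresh_repo() {
    export HOME=/root   # assumption: user data may run without HOME set
    cd "$REPO_DIR" || return 1
    key_is_private "$DEPLOY_KEY" || { echo "deploy key missing or too open" >&2; return 1; }
    if url_has_credentials "$(git config --get remote.origin.url)"; then
        echo "origin URL embeds credentials; switch it to SSH" >&2
        return 1
    fi
    write_ssh_wrapper "$SSH_WRAPPER" "$DEPLOY_KEY" "$KNOWN_HOSTS" || return 1
    GIT_SSH="$SSH_WRAPPER" git pull --ff-only origin master
}

# Run only where the AMI's checkout exists; log so failures can be read later.
if [ -d "$REPO_DIR/.git" ]; then
    refresh_repo >> /var/log/user-data-git.log 2>&1
fi
```

The checkout's `origin` remote must already use the SSH form of the repository URL for the deploy key to be used.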